Trojan horse
Definitions

Named after the wooden horse from Greek mythology, a Trojan horse is a

How it works

A Trojan horse program typically falls into one of the following categories:

# Legitimate application designers will often insert unauthorized instructions within their products, as either a backdoor mechanism, or as a way of collecting personal information about the users of their product. These instructions perform these operations without the knowledge or permission of the user.
# A legitimate-appearing program that has been obtained from a questionable source is altered by the placement of unauthorized instructions within it. These instructions perform secondary functions unknown to the user.
# Any other program that appears to perform one operation or function but that, because of the unknown instructions within it (by design), performs functions unknown to the user.

A Trojan horse may enter a user's computer by presenting itself as an attractive tool of some sort, which the user intentionally downloads and installs, unaware of its ulterior purpose. Trojan horses typically build in the functionality of keylogging software and other spyware and a range of other functions to disable system security.

A Trojan horse, once delivered to its host and executed, might be activated at any time, either by remote control, by a timer mechanism, or through detecting certain events on the host (or a combination of all three). Some Trojan horses are intended to replace existing files, such as system and application executables, with malicious versions; others add another application to systems instead of overwriting existing files.
Trojan horses tend to conform to one of the following three models:

* Continuing to perform the function of the original program and also performing separate, unrelated malicious activity (e.g., a videogame that also collects application passwords);
* Continuing to perform the function of the original program but modifying the function to perform malicious activity (e.g., a Trojan horse version of a login program that collects passwords) or to disguise other malicious activity (e.g., a Trojan horse version of a process-listing program that does not display other malicious processes); and
* Performing a malicious function that completely replaces the function of the original program (e.g., a file that claims to be a videogame but actually just deletes all system files when it is run).

Trojan horses can be difficult to detect. Because many are specifically designed to conceal their presence on systems and perform the original program's function properly, users and system administrators may not notice them. Many newer Trojan horses also make use of some of the same obfuscation techniques that viruses use to avoid detection.

The use of Trojan horses to distribute spyware programs has become increasingly common. Spyware is often bundled with software, such as certain peer-to-peer file-sharing client programs; when the user installs the supposedly benign software, it then covertly installs spyware programs. Trojan horses also often deliver other types of attacker tools onto systems, which can provide unauthorized access to or usage of infected systems. These tools may be bundled with the Trojan horse or downloaded by the Trojan horse after it is placed onto a system and run.

Trojan horses can cause serious technical issues on systems. For example, a Trojan horse that replaces legitimate system executables may cause certain functionality to be performed incorrectly or lost altogether.
Spyware-related Trojan horses have been particularly disruptive to many systems because they are often intentionally invasive, making many modifications to systems and deploying themselves so that their removal causes serious disruption to the system, in some cases to the point where the system can no longer function. Trojan horses and the tools they install can also be resource-intensive, causing noticeable performance degradation on infected systems.

Some well-known Trojan horses are SubSeven, Back Orifice, and Optix Pro.

References

Source

* Assessing Technology, Methods, and Information for Committing and Combating Cyber Crime.